Answer:
Many times the Internet may be in fact the most difficult way to penetrate the financial institution's network. Direct dial to a modem may be easier. Using simple communications utilities and software such as Hyperterminal or PC Anywhere, you can test direct dial connections for vulnerabilities. If the modem is left on, it is sometimes fairly easy to establish a connection and get a login screen. Hopefully, the penetration will end there if user identification and password protection is activated.
Unbeknownst to financial institution management, vendors sometimes leave security holes in networks so vendor support personnel can dial in conveniently. Such dial-in access should be restricted to the authorized vendor, and the modem should be turned off until vendor support personnel call and request access.
Be aware that some vendors use very simple user identification and password combinations for their access, so just because this security feature is activated does not mean that adequate security is in place.
Your overall Information Security Program should include the proper risk assessments, policies, external and internal IT audits and reviews, network vulnerability assessments, network security technology (i.e., firewalls, anti-virus, intrusion detection systems, ongoing vulnerability scanning, content filtering, etc.), and security awareness and education for your end users, as most security threats continue to be internal.
First published on BankersOnline.com 08/14/06
print
share